Re: why can't i login to tomcat7 status page from clean install zip

[Bob Hall]

 Bo,
On Monday, December 17, 2018, 9:49:34 PM PST, Bo  wrote:
 
 >  > here is screenshot
> 
> I just tried again still no working\
> 
>. https://i.imgur.com/8bQH2YB.png

At the risk of stating the obvious, your screenshot shows: - a tomcat-users.xml 
file with three usernames: dog, god, and role1.
- a Tomcat login page with username admin
Did you try logging in with username god or adding a user with username admin?
- Bob

  

How to use server.xml with embedded Tomcat 9?

[Ryan Palmer]

Hello,

I'm using the Tomcat class to embed the container in my application. I have 
configured the CATLINA_HOME and _BASE properties, and I know those are working 
because the 'work' folder gets generated there as expected. However if I put a 
server.xml file in a 'conf' folder in the same directory, it does not seem to 
be loaded when calling Tomcat.init().

Documentation is very sparse on the Tomcat class so I am unsure how to 
configure it the "standard" way.

Thank you,
Ryan Palmer

Re: why can't i login to tomcat7 status page from clean install zip

[Bo]

here is screenshot

I just tried again still no working


https://i.imgur.com/8bQH2YB.png



On Mon, Dec 17, 2018, at 11:27 PM, Christopher Schultz wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> Bo,
> 
> On 12/18/18 00:10, Bo wrote:
> > I do a clean install of the tomcat7 folder and rename it to just 
> > tomcat, and without changing ANYTHING and without adding any old 
> > files yet, I start the tomcat service and try to get to the status 
> > page, but this time it won't even let me log into anything at all 
> > either, no matter what I try.
> By default, Tomcat does not allow users to view the status (manager,
> right?) page.
> 
> You have to specifically edit the tomcat-users.xml file in order to
> allow access.
> 
> > This is the tomcat7 fresh download links I used
> > 
> > https://tomcat.apache.org/download-70.cgi
> > 
> > http://apache.mirrors.tds.net/tomcat/tomcat-7/v7.0.92/bin/apache-tomca
> t-7.0.92-windows-x86.zip
> >
> > https://tomcat.apache.org/tomcat-7.0-doc/appdev/deployment.html
> > 
> > I unzip the apache-tomcat-7.0.92-windows-x86.zip and put it in the 
> > root of a custom web app that I have and then I use the
> > service.bat install to trigger the services install, this is on
> > windows server so I start it up in services.msc
> > 
> > I can go to localhost fine, but it won't let me login
> > 
> > 
> > I checked the tomcat user xml file a trillion times to triple check
> > to make sure I have it right, but no matter what, even after 
> > multiple restarts, it won't even let me login to the status 
> > page!
> 
> When you say you "checked it", do you mean you /edited/ it, or is it
> still the same file that shipped with Tomcat?
> 
> > 401 Unauthorized
> > 
> > You are not authorized to view this page. If you have not changed
> > any configuration files, please examine the file
> > conf/tomcat-users.xml in your installation. That file must contain
> > the credentials to let you use this webapp.
> > 
> > For example, to add the manager-gui role to a user named tomcat
> > with a password of s3cret, add the following to the config file
> > listed above.
> > 
> >   > password="s3cret" roles="manager-gui"/>
> > 
> > Note that for Tomcat 7 onwards, the roles required to use the
> > manager application were changed from the single manager role to
> > the following four roles. You will need to assign the role(s)
> > required for the functionality you wish to access.
> > 
> > manager-gui - allows access to the HTML GUI and the status pages 
> > manager-script - allows access to the text interface and the status
> > pages manager-jmx - allows access to the JMX proxy and the status
> > pages manager-status - allows access to the status pages only
> > 
> > The HTML interface is protected against CSRF but the text and JMX
> > interfaces are not. To maintain the CSRF protection:
> > 
> > Users with the manager-gui role should not be granted either the
> > manager-script or manager-jmx roles. If the text or jmx interfaces
> > are accessed through a browser (e.g. for testing since these
> > interfaces are intended for tools not humans) then the browser must
> > be closed afterwards to terminate the session.
> > 
> > For more information - please see the Manager App HOW-TO.
> > 
> 
> Without revealing any passwords, can you post your ENTIRE (again,
> redacted) tomcat-users.xml file?
> 
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
> 
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlwYhR4ACgkQHPApP6U8
> pFhZ6BAAkhA4xXe6iSF2k4kK4NoK0N9ViCaW8CaFQjcM324FkyN4t66lnOEQXAVm
> hIcnOdyveCRQxuNK6TYbBSOG+0KXmuReXelGaGs37hMHGEzaxGUkrkoU7ntDZBvB
> euvXOUmOjJDNgGVP5FnH5iiqsRhRpL6Fd7a5n1upAzJSryXelOVuf3q+kD7y+7Fm
> vuT6NAiee/2efnN2vXGv0vGqAGoSLDUHIvGKXinv/JGbIf6JIIqb1ZGo9KuUPp+j
> tIEaKSB42blqZ/SntEk44i5hmQctX6eTlvbl+u8XDExfQGNCnru0A9xCtV9/3v5q
> ZbNB9e8Z2DhoaB4S57wuCxNCqsXuyOvZz4YWsQ70Cx+u5G8tmfVfUZUfmndUWuqC
> /dvIEreFZLzcSr+eh7mym7iRbktcb0G6iXnVJBpl0zYhLZsdckZ4WpArjHZHuC2J
> O/5umGbavG59SI6SYl41Ww1aYRxIKMKsXcVoi/RjVk202EcaSQ/xti8/9ar51CmN
> 2QtdoTGqud+qJVT1OflcxB+rirrw/ZEGWg8nVOA5A5acqMsPgF6HxjI+aOgZvO+Q
> ewQUpjkYamhnIo0JgZR9H7TyhpB6v+emhvd+h1ny+v0nozJPiv3NSjsLJkd8uepa
> LT8q43HxySWk7m53t60GRnOS/R9un4XOFRZ+VdTya78hK4ONdBA=
> =yC4/
> -END PGP SIGNATURE-
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 

Re: why can't i login to tomcat7 status page from clean install zip

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Bo,

On 12/18/18 00:10, Bo wrote:
> I do a clean install of the tomcat7 folder and rename it to just 
> tomcat, and without changing ANYTHING and without adding any old 
> files yet, I start the tomcat service and try to get to the status 
> page, but this time it won't even let me log into anything at all 
> either, no matter what I try.
By default, Tomcat does not allow users to view the status (manager,
right?) page.

You have to specifically edit the tomcat-users.xml file in order to
allow access.

> This is the tomcat7 fresh download links I used
> 
> https://tomcat.apache.org/download-70.cgi
> 
> http://apache.mirrors.tds.net/tomcat/tomcat-7/v7.0.92/bin/apache-tomca
t-7.0.92-windows-x86.zip
>
>  https://tomcat.apache.org/tomcat-7.0-doc/appdev/deployment.html
> 
> I unzip the apache-tomcat-7.0.92-windows-x86.zip and put it in the 
> root of a custom web app that I have and then I use the
> service.bat install to trigger the services install, this is on
> windows server so I start it up in services.msc
> 
> I can go to localhost fine, but it won't let me login
> 
> 
> I checked the tomcat user xml file a trillion times to triple check
>  to make sure I have it right, but no matter what, even after 
> multiple restarts, it won't even let me login to the status 
> page!

When you say you "checked it", do you mean you /edited/ it, or is it
still the same file that shipped with Tomcat?

> 401 Unauthorized
> 
> You are not authorized to view this page. If you have not changed
> any configuration files, please examine the file
> conf/tomcat-users.xml in your installation. That file must contain
> the credentials to let you use this webapp.
> 
> For example, to add the manager-gui role to a user named tomcat
> with a password of s3cret, add the following to the config file
> listed above.
> 
>   password="s3cret" roles="manager-gui"/>
> 
> Note that for Tomcat 7 onwards, the roles required to use the
> manager application were changed from the single manager role to
> the following four roles. You will need to assign the role(s)
> required for the functionality you wish to access.
> 
> manager-gui - allows access to the HTML GUI and the status pages 
> manager-script - allows access to the text interface and the status
> pages manager-jmx - allows access to the JMX proxy and the status
> pages manager-status - allows access to the status pages only
> 
> The HTML interface is protected against CSRF but the text and JMX
> interfaces are not. To maintain the CSRF protection:
> 
> Users with the manager-gui role should not be granted either the
> manager-script or manager-jmx roles. If the text or jmx interfaces
> are accessed through a browser (e.g. for testing since these
> interfaces are intended for tools not humans) then the browser must
> be closed afterwards to terminate the session.
> 
> For more information - please see the Manager App HOW-TO.
> 

Without revealing any passwords, can you post your ENTIRE (again,
redacted) tomcat-users.xml file?

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlwYhR4ACgkQHPApP6U8
pFhZ6BAAkhA4xXe6iSF2k4kK4NoK0N9ViCaW8CaFQjcM324FkyN4t66lnOEQXAVm
hIcnOdyveCRQxuNK6TYbBSOG+0KXmuReXelGaGs37hMHGEzaxGUkrkoU7ntDZBvB
euvXOUmOjJDNgGVP5FnH5iiqsRhRpL6Fd7a5n1upAzJSryXelOVuf3q+kD7y+7Fm
vuT6NAiee/2efnN2vXGv0vGqAGoSLDUHIvGKXinv/JGbIf6JIIqb1ZGo9KuUPp+j
tIEaKSB42blqZ/SntEk44i5hmQctX6eTlvbl+u8XDExfQGNCnru0A9xCtV9/3v5q
ZbNB9e8Z2DhoaB4S57wuCxNCqsXuyOvZz4YWsQ70Cx+u5G8tmfVfUZUfmndUWuqC
/dvIEreFZLzcSr+eh7mym7iRbktcb0G6iXnVJBpl0zYhLZsdckZ4WpArjHZHuC2J
O/5umGbavG59SI6SYl41Ww1aYRxIKMKsXcVoi/RjVk202EcaSQ/xti8/9ar51CmN
2QtdoTGqud+qJVT1OflcxB+rirrw/ZEGWg8nVOA5A5acqMsPgF6HxjI+aOgZvO+Q
ewQUpjkYamhnIo0JgZR9H7TyhpB6v+emhvd+h1ny+v0nozJPiv3NSjsLJkd8uepa
LT8q43HxySWk7m53t60GRnOS/R9un4XOFRZ+VdTya78hK4ONdBA=
=yC4/
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

why can't i login to tomcat7 status page from clean install zip

[Bo]

I do a clean install of the tomcat7 folder and rename it to just tomcat, and 
without changing ANYTHING and without adding any old files yet, I start the 
tomcat service and try to get to the status page, but this time it won't even 
let me log into anything at all either, no matter what I try.


This is the tomcat7 fresh download links I used



https://tomcat.apache.org/download-70.cgi

http://apache.mirrors.tds.net/tomcat/tomcat-7/v7.0.92/bin/apache-tomcat-7.0.92-windows-x86.zip

https://tomcat.apache.org/tomcat-7.0-doc/appdev/deployment.html

I unzip the apache-tomcat-7.0.92-windows-x86.zip 

 and put it in the root of a custom web app that I have and then I use the 
service.bat install to trigger the services install, this is on windows server 
so I start it up in services.msc

I can go to localhost fine, but it won't let me login


I checked the tomcat user xml file a trillion times to triple check to make 
sure I have it right, but no matter what, even after multiple restarts, it 
won't even let me login to the status page!


401 Unauthorized

You are not authorized to view this page. If you have not changed any 
configuration files, please examine the file conf/tomcat-users.xml in your 
installation. That file must contain the credentials to let you use this webapp.

For example, to add the manager-gui role to a user named tomcat with a password 
of s3cret, add the following to the config file listed above.




Note that for Tomcat 7 onwards, the roles required to use the manager 
application were changed from the single manager role to the following four 
roles. You will need to assign the role(s) required for the functionality you 
wish to access.

 manager-gui - allows access to the HTML GUI and the status pages
 manager-script - allows access to the text interface and the status pages
 manager-jmx - allows access to the JMX proxy and the status pages
 manager-status - allows access to the status pages only

The HTML interface is protected against CSRF but the text and JMX interfaces 
are not. To maintain the CSRF protection:

 Users with the manager-gui role should not be granted either the 
manager-script or manager-jmx roles.
 If the text or jmx interfaces are accessed through a browser (e.g. for testing 
since these interfaces are intended for tools not humans) then the browser must 
be closed afterwards to terminate the session.

For more information - please see the Manager App HOW-TO.

Re: JMS Testing

[Guang Chao]

On Tue, Dec 18, 2018 at 7:22 AM Rajendra  wrote:

> Hi,
>
> How to test JMS on Tomcat without writing client code? Please let me know
> if anyone knows the steps or process.
>
>
Hi, I think it would depend on the implementation you are using.


> Thanks !
>
> Rajendra
>
>

-- 
Guang 

Re: JMS Testing

[Alex O'Ree]

JMS is a programming api that is an abstraction for a messaging service.
There's a bunch of implementations of the JMS API, such like car's have the
same human to car interface (steering wheel, pedals, etc), however there's
tons of types and manufacturers. Tomcat serves up web content. Some JMS
brokers may offer endpoints that are web based or management functions that
are web based, but most JMS implementations (that I know of) do not use
HTTP as a transport.

So your question doesn't make sense IMO. JMS is an API. If you want to test
a specific vendor's implementation on tomcat, you may want to consult their
documentation. If you want to test their conformance to JMS, there may be a
technical conformance kit (TCK) which can be used to help automate the
process.

On Mon, Dec 17, 2018 at 6:22 PM Rajendra  wrote:

> Hi,
>
> How to test JMS on Tomcat without writing client code? Please let me know
> if anyone knows the steps or process.
>
> Thanks !
>
> Rajendra
>
>

JMS Testing

[Rajendra]

Hi,

How to test JMS on Tomcat without writing client code? Please let me know if 
anyone knows the steps or process.

Thanks !

Rajendra

Re: Using existing pki certificates to enable SSL on tomcat 9

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Sam,

On 12/16/18 22:00, Sam G wrote:
> Hi, I've installed Apache Tomcat 9 on windows 2016 64bit server.
> Our SA has requested a PKI certificate for the windows server feom
> our CA and got one. I need help with steps involved in using that
> existing certificate to enable SSL on Tomcat.

http://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html#Importing_the_Cer
tificate

- -chris

-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlwXyfkACgkQHPApP6U8
pFgY3w//fyqkDFf4aVhy0dAPXqmwXZJSiY6qIpmN5+QoSLEFqPR64Xda/QRt25TQ
JahlmGsCiYTzbfCVgXnIZ5vkAvd7Ei4A0X722RJRR9t52CGNeH61FNfykzKINPDW
GJ10ATXxhfHbjgHNQpp0ZjInLpTBI9ezZH0lW1p+eBUqdEiscIu2YQ+CtHLjum8i
Pvbkk+31iSVsg0zP13of4jIlLCxhwNe8bVCLUsTxcI7c1fgqJPonnz5w/9V7PUX+
jTx/h4EY104i9RqCoOGB6xjHCQSxKdOc4P6jiYDnhx9/6kiGvLEpVFTSIHI3NE1V
kUXB00e18UmXTzIPPKHJHUPjauWBVwLpPzHIMSB5lewarMi+z4bdyurYIENAjB40
k7tcQSaBlL+rFqz3S2STOy5CUH2OveSaA4+MhlygGfQxnQmBnOBM3zrgCgyIWmyk
TGn3XeEGCl3VYMKd2igmQAOSZ/CIDboLED3z5kECTIQ98IQUz1+aeUjB01p9DkI+
gOy4As2VsTFvYNNYYr6P+pTSGeHOXDTj7bSxbfU28/eKhnD5HY8xbTQzAc+nAgrC
u1uhpom0J7mbz8KvfnHt+LgktjAMK6t4n9NQmT+mSrGmbKP25tlrKHWcRtU+s2Hl
qZe5GI/GgYqLQgJyO9ogItbsbtJJLH4NmB6JVzohr/9D61w5aqA=
=1ny6
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Scan Finding Error! (UNCLASSIFIED)

[Lueders, Paul T CIV USARMY NGIC (US)]

CLASSIFICATION: UNCLASSIFIED

Take a look at the error page section of the web.xml.  You may need to edit 
this file.

Paul

-Original Message-
From: danyaal.ha...@bcbssc.com [mailto:danyaal.ha...@bcbssc.com] 
Sent: Monday, December 17, 2018 8:56 AM
To: users@tomcat.apache.org
Subject: [Non-DoD Source] Scan Finding Error!

Good Morning,
I'm encountering following scan finding errors and couldn't find way to 
mitigate this.

Tomcat 8.5.32
12085
Apache Tomcat Default Files
The following default files were found 
:/nessus-check/default-404-error-page.html
Delete the default index page and remove the example JSP and servlets. Follow 
the Tomcat or OWASP instructions to replace or modify the default error page.

Thank you,
Danyaal
B�CB��[��X��ܚX�KK[XZ[
�\�\��][��X��ܚX�P�X�]
�\X�K�ܙ�B��܈Y][ۘ[��[X[��K[XZ[
�\�\��Z[�X�]
�\X�K�ܙ�B�


CLASSIFICATION: UNCLASSIFIED

Scan Finding Error!

[DANYAAL.HANIF]

Good Morning,
I'm encountering following scan finding errors and couldn't find way to 
mitigate this.

Tomcat 8.5.32
12085
Apache Tomcat Default Files
The following default files were found 
:/nessus-check/default-404-error-page.html
Delete the default index page and remove the example JSP and servlets. Follow 
the Tomcat or OWASP instructions to replace or modify the default error page.

Thank you,
Danyaal

Re: [slightly OT] Re: Tomcat 9 does not work with Java 11

[Andi Meister]

Hi Cris,

thank you very much for your help!

Here are the answers to your questions:
- Tomcat Windows Service has problems during automatic startup AND manual
startup from the Service panel.
- Older Java Versions: Using C:\Program
Files\Java\jre1.8.0_181\bin\server\jvm.dll Tomcat services starts. No
problems then.
- Windows Event Log: Message is only " The Apache Tomcat 9.0 Tomcat9
service terminated with service-specific error Incorrect function.. "
- Tomcat Service Panel: I specified the location of jvm.dll and do NOT use
default.
- Windows Server 2008 is 64bit. And so is Java and Tomcat.

Best regards,
Andi


Am Mi., 12. Dez. 2018 um 19:54 Uhr schrieb Berneburg, Cris J. - US <
cberneb...@caci.com>:

> Hi Andi
>
> am> Another try on a third Windows Server 2008 R2 that never contained
> Java or Tomcat.
> am> I am logged in as local administrator.
> am> Installed Java 11 and Tomcat 9.
> am> And again same error :(
> am> I would really appreciate any help.
>
> Sorry you are going through all this trouble.  I have not tried Java 11
> yet.
>
> cs> The installer should be detecting all of that, but
> cs> at this point you are grasping at straws, anyway.
>
> Also, as long as you're "grasping at straws" :-) I have some basic
> questions:
>
> am> Since it works when I start Tomcat by startup.bat, it must be
> am> something with the service, right?
>
> I can't remember, does your Tomcat Windows Service have a problem during
> automatic startup *and* manual startup from the Services panel (not
> startup.bat)?
>
> Have you tried installing older versions of Java with Tomcat 9 on Windows
> Server 2008 to verify that the Tomcat Windows Service works with older Java
> versions?  Sorry, I can't remember if you tried that either.
>
> Does Windows Event Log say anything meaningful, other than "Error Code 1"
> (or something like that)?
>
> am> It also tried to change the START-MODE to Java.
> am> Then Tomcat service started! But it could not be stopped anymore. Only
> am> by killing Java.exe.
>
> When you run Tomcat9.exe, is the Java location specified, or do you have
> "use default" selected?  Hmm... if the Service started then that must not
> be the problem.
>
> am> When I start Tomcat by using startup.bat it works!
> [SNIP]
> am> - Installed Java 11 (File: jdk-11.0.1_windows-x64_bin.exe)
>
> Is your Windows Server 2008 32-bit or 64bit?  Hmm again... If 64-bit Java
> were installed on a 32-bit OS, Java would not run at all, so that's not it.
>
> Guess I'm grasping at straws too.  :-)
>
> --
> Cris Berneburg
> Tomcat Newbie
>
>